Security Advisory

CVE-2020-36875

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-09 16:41:06

Last updated 2026-03-05 01:26:53

Assigner VulnCheck

State PUBLISHED

Description

AccessAlly WordPress plugin versions prior to 3.3.2 contain an unauthenticated arbitrary PHP code execution vulnerability in the Login Widget. The plugin processes the login_error parameter as PHP code, allowing an attacker to supply and execute arbitrary PHP in the context of the WordPress web server process, resulting in remote code execution.

← Browse all CVEs View on cve.org ↗